Find out more about how we use your information at Gloucestershire Hospitals NHS Foundation Trust.
What information do we collect from you
Records which this Trust may hold about you may include the following:
- Details about you, such as your address and next of kin
- Any contact the Trust has had with you, such as appointments, clinic visits, emergency appointments, etc
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays, etc
- Relevant information from other health professionals, relatives or those who care for you
Why do we collect your information?
We collect your information to enable us to provide you with health and social care services . However, your information may also be collected for other purposes that you should be aware of, such as CCTV recordings used for crime prevention, or if you make a complaint/enquiry or if you complete a survey. We will also use your information to contact you to see if you would like to be involved in medical research trials that might be relevant to you. In all situations the Trust is required to comply with data protection law.
Our staff may check your details with you to ensure they are up-to-date and correct. This is important to avoid errors in your care or treatment. So, if your details have changed (such as your name or address) you need to let us know.
Find out more about Understanding Patient Data
Who might we share your information with?
The Trust may decide it is appropriate to share your information with other organisations or professionals involved in your care so that you receive good quality care and to prevent you being assessed again or being asked the same questions. Ordinarily information kept by the Trust will be made available to your GP. The Trust works with many partner organisations such as Social Care services, educational bodies, housing associations, voluntary and community organisations. Staff should discuss with you what information they are sharing, why and with whom.
We will only consider sharing information with other organisations or professionals where we consider it an important part of delivering effective care. However, you have a right to object to your information being shared.
There are exceptional circumstances whereby the Trust may share information about you without your knowledge, for example, in an emergency where you or someone else might suffer substantial harm or distress, where it relates to a 'communicable disease' (such as cholera, plague, smallpox, etc.) or if information is required by law (such as a court order).
Take a look at this list of partner organisations of the Trust's main information sharing partners.
What other information about you do we hold?
As well as information that you provide to us directly, we also use information from other sources to help us provide you with safe and effective health and social care. This may include, for example:
- information from another NHS Trust, or your GP Surgery about health care that you have received previously
- information from other partner organisations such as Social Care services, housing associations, and voluntary and community organisations
How long do we keep your information?
There is a requirement for the Trust to hold a record of your information for a set length of time (which varies according to the type of information that it is). You can find further information on the rules that the Trust must follow in this document created by the Information Governance Alliance – see ‘Records Management Code of Practice for Health and Social Care 2016’).
Where is my information stored?
Some health records are held in paper form but increasingly parts of your health records are now stored electronically as the NHS strives to become paperless.
Almost all electronic records are stored in the UK. However, for a very small minority of services some information may be sent and stored abroad, such as out of hours radiology reporting where information is securely transferred to Australia. We make sure that where information is stored abroad, it has the same level of legal protection as it would if it were stored here.
What are my rights?
The Data Protection Act gives you certain rights in respect of the information we hold about you. Select a topic below for further information:
- Request a copy of information that we hold about you (read more about how to access a copy of your health record)
- Object to the Trust using your personal data
- Request to have your personal data rectified
- Request to have your personal data erased
- How to submit a request
The Trust may refuse your request (in full or in part) where there is a legal basis to refuse and you will be notified of this.
Object to the Trust using your personal data
You have the right to object to the Trust using/sharing your information, however, there is no automatic right to prevent the Trust using/sharing your information.
Objections will be considered and you will be notified of the Trust’s decision and reason for its decision.
Where we have asked for your consent to collect and use your information, you have the right to withdraw that consent at any time.
Request to have your personal data rectified
You are entitled to have personal data rectified if it is inaccurate or incomplete.
The Trust must respond within 30 calendar days. However, the Trust may extend this period up to 60 calendar days for complex requests.
The Trust may refuse the request if it believes the information is accurate/complete or there is a legal basis to refuse and you will be notified of this. You have the right to complain to the Information Commissioner’s Office and to seek correction by order of a Court.
Request to have your personal data erased
This is more commonly known as the ‘right to be forgotten’. You may request to have your data erased where:
- It no longer needs to be kept by the Trust (it has surpassed the minimum retention period)
- Where you withdraw your consent or object to the use of your data and there is no requirement for the Trust to retain the data
- It has been used unlawfully
- The Trust must comply with a legal obligation
- You are under 16 and data has been stored electronically by the Trust at your request
The Trust may refuse your request (in full or part) where there is a legal basis to refuse and you will be notified of this.
How the Trust ensures information is used appropriately
The Trust is required to provide evidence of the steps it takes to ensure information is used appropriately. Find out more
What to do if you have concerns about the use of your information
- You can contact the Trust’s Information Governance lead
- Caldicott Guardian: Dr Sean Elyan
- Trust’s Accountable Officer: Deborah Lee
- or the Data Protection Officer
If we can’t resolve your concern, you have the right to lodge a complaint with the Information Commissioner's Office